This invention deals with safe key distribution and authentication in a data communication network (e.g. a wireless LAN type of network).

The network includes a network manager to which are connected, via a wired LAN circuit, one or more base stations. Individual remote stations are, in turn, wirelessly connected to an installed base station.

One essential function for achieving security in such a network is a mechanism to reliably authenticate the exchanges of data between communicating parties. This involves the establishment of session keys, which keys need to be distributed safely to the network components. An original and safe method is provided with this invention for key distribution and authentication during network installation, said method including using the first installed base station for generating a network key and a backbone key, and then using said first installed base station for subsequent remote station or additional base station installations while avoiding communicating said network key.
Field of the Invention

This invention deals with key distribution and authentication in a data communication network, and more particularly with key authentication in a wireless LAN type of network.

Background of the Invention 

Conventional data communication networks include a host station or network manager providing network control by being connected to a network including one or several node stations, which, in turn, concentrate and manage the traffic provided from/to remote terminal stations. In principle, several terminal stations are attached to each node station, so as to provide a sub-network which can be referred to as a cell.

One such network to be more particularly considered in this invention may be defined as a wireless Local Area Network (LAN). Such a network, to be disclosed in detail in the following description, includes remote stations connected to individual nodes or base stations via radio links, with the base station(s), in turn, connected to a host (or network) manager (herein also referred to as wireless manager) via wired LAN circuitry.

But regardless of the network architecture, the data traffic must be protected, as the system faces increasing threats to the security of communications and operations involving end-users and network components.

This problem has already received particular attention from the data communication industry sector. In fact, security is a must, and customers always include this feature when defining their requirements or network functional characteristics. One may easily understand their concern on the matter when bearing in mind that in such networks the flow of data carries very sensitive proprietary information relating to the customer's company operation, e.g. cash-flows, prices, correspondence within the network, requests from their own customers, etc.

One essential function for achieving security in such a network is a mechanism to reliably authenticate the exchange of messages between communicating parties. This involves the establishment of a session key, which key needs to be distributed safely.

One such system has been described by S.P. Miller, B.C. Neuman, J.I. Schiller and J.H. Saltzer, as the "Kerberos Authentication and Authorization System" of the M.I.T. Project Athena, Cambridge, Massachusetts, December 1987. The proposed system requires using physical protection and synchronization operations. This is however troublesome and a heavy burden to carry when it addresses private networks made for non-technical customers wishing to minimize their own involvement in the network buildup. Besides, it adds to the original cost of the network and therefore makes the proposed network installation less competitive. Other approaches involve using so-called public key cryptography operations, which are computationally expensive and imply the need to compute and store in a Key Distribution Center all the public key / private key pairs prior to the stations' initializations.

In some cases public keys are provided to all stations attaching to the network by having security personnel carry them, which is both cumbersome and expensive.

Another approach requires each station to be initialized in a secure central location before being shipped to its destination. This is again an expensive process, especially if the customer has to do it.

Summary of the Invention 

One object of this invention is to provide a method and system for key authentication which is both safe in an insecure network environment and easy to operate by a non-professional user. Another object of this invention is to provide such a method for a so-called wireless LAN network combining wireless communications with a wired LAN.

Still another object of this invention is to provide a method for distributing the private keys needed in an authentication procedure of wireless LAN remote and base stations.

These and other characteristics, objects and advantages of this invention will become more apparent from the following description made with reference to the attached figures.
Brief description of the Figures 

Figure 1 represents a wireless LAN topology with a two-level hierarchical network structure to which the invention is to be applied.

Figure 2 represents the complete network, including a network manager, and shows the various items and parameters to be used for the invention.

Figure 3 (including figures 3a and 3b), figure 4 (including figures 4a and 4b), figure 5 and figure 6 are flow charts for implementing the invention.

Description of the Preferred Embodiment of the Invention

This description shall refer to a so-called wireless LAN.

It should, however, already be understood that the wireless LAN to be described herein in further detail, as to those characteristics required for the invention, should in no way be considered limitative. For instance, one should understand that the invention obviously applies to different kinds of network architectures, be they wireless or wired.

However, just for the sake of simplifying this description and clearly defining the inventive concept, the description shall refer to a best mode of implementation made according to the topology represented in the attached figures.

Let's first consider a wireless LAN topology with a two-level hierarchical network structure, as represented in figure 1. The whole geographical area to be covered by the communication network is divided into cells. Associated with each cell is a base station 1, 2, etc., that is connected to a backbone network and acts as access point or relay to a number of remote (mobile) stations 3, 4, 5, 6, 7 individually communicating with one base station over a wireless channel. The number of remote stations may vary throughout time, some leaving and others attaching to the network. Also, the individual cells' topography may vary, since any individual mobile station may gain access to the network via any of the several base stations.

Typically, a mobile station registers with one of the base stations to gain access to the network. All communications between the mobile station and other entities are subsequently handled by the base station with which it was registered.

As an example, one may consider the environment of an industrial campus consisting of several office buildings. The buildings are divided into cells, which cells are connected via some backbone network such as a wired LAN (e.g. Ethernet/token ring). Mobile stations such as portable computer terminals, which can operate both indoor and outdoor with limited range, use a wireless link to access the base stations on the backbone network. Each base station controls the set of mobile stations in its cell.

The two-level cellular architecture with wireless links and backbone LANs, as considered in the preferred embodiment of this invention, offers several advantages. For instance, non-overlapping cells that are some distance apart can have independent transmission access channels without any interference. Hence, the capacity of the system can be significantly increased. In addition, the management functions such as signalling and access protocol for the wireless access channel can be simplified greatly, since each cell can be operated independently. But this architecture should in no way be construed as limiting the scope of this invention which, as will become apparent from the following description, obviously applies also to any other architecture, such as one using a higher number of levels, for instance. The base station itself is actually a router or a bridge between the wireless LAN cell and the LAN backbone and, in turn, up to a network station or host device. Accordingly, and as represented in figure 2, the complete network shall also include a network station for managing the whole network. Said network manager shall herein also be referred to as Wireless Manager.

Communications between remote stations (RS) and base stations (BS) are performed through Adapter Units, each including a cell control device (CC) or, more generally, software-implemented means for performing adapter functions. Each base station is also provided with a wireless control agent (WCA) function, while the network station is provided with a wireless manager (WM) function. Each base and network station is provided with a storage device (DB) including a data base, and with ROM facilities in the adapters.

The description of the operation of these devices shall herein be limited to their implication within the invention.

The purpose of the invention is to enable performing an authentication process used to verify that a station does not usurp someone else's identity, particularly during network installation. It is performed between a remote station adapter and its corresponding base station adapter, then between the base station and the wireless manager or, more generally speaking, the network manager (WM).

During network installation for a given customer, the network manager is first installed. But as per the authentication process, the operations deal first with the first base installation, then with individual remote stations, and/or the system may proceed with authenticating a second base station (if any), additional remote stations, and so on.

Represented in figure 3 is a general flowchart of the authentication key distribution method of this invention. The upper line shows the locations and network sub-systems concerned with the authentication operations, i.e.: network manager (Wireless Manager), first base station, (mobile) remote station and other base stations (if any). But in addition, the flow chart shows that some operations are performed during the manufacturing of the various network components. For instance, a common key Km (the same for all manufactured adapters) is hidden by being included in the adapter programmable read-only memory (PROM) at manufacturing level. Also, a unique identifier, the so-called Universally Administered Medium Access Control (MAC) address (UA), is also stored in the adapter PROM. This address is unique to an adapter. It may be made a function of specific data provided to the manufacturer (e.g. an IEEE provided identifier (IEEE address range)).

Using those adapters, carrying the Km key and UA parameters (see steps 10 and 11 in figure 3), one may start performing the operations for authentication key initialization (installation) on the first base adapter. The process includes installing a preliminary key K1 in the first base station (step 12); then the first base adapter is triggered to generate a network key Knet and a backbone key Kb (13), the latter derived from the network key Knet using a predefined logical function. Said backbone key Kb is sent to the Wireless (network) Manager, which stores it into a hidden storage position (steps 14 and 15).

The process may then proceed with installing mobile remote stations to be attached to the installed base station, or with installing additional base stations.

As per the remote station installation, the system starts with reading the universal address (UA) stored in the remote station adapter PROM (step 16), and, by some predefined way, chooses a name for the considered remote station (step 17). Actually the considered remote station RS user runs a program provided with the adapter, conventionally referred to as the diagnostics program, and this triggers the display of the stored UA data. The remote mobile station name and address indications are forwarded to the network manager WM (step 18), e.g. by telephone, or by any other written/verbal means, to the corresponding operator. The network manager searches its stored data for an already installed base (in the present implementation that would relate to the first or any already installed and still active network base), and provides it with the received mobile station UA address and name information (step 19), through the installed wired LAN circuits, for instance. The base station adapter encrypts the name by using Knet as an encryption key, to derive Knet(name), which actually stands for E(Knet, name), where E is an encryption function, Knet is used as the encrypting key and name is the encrypted data. This notation will herein be used throughout the following text. The first base adapter also generates a new name parameter, so-called name', by using a predefined logic function of the parameters Knet(name), UA and Km (step 20), then sends name' to the mobile remote station adapter (step 21) via the wireless manager, using a secure protocol. In other words, name' acts as a password provided to the remote station, which avoids communicating Knet(name) in clear. The mobile remote station, knowing the logic function applied in the corresponding base station, extracts Knet(name) from name' (step 22) and stores it (step 23) safely in some protected memory.

A similar approach is also used to deal with installing additional bases (so-called "another" base station), except that in this case no name data is required.

When the adapter hardware is installed, the new base station operator retrieves its UA address (step 24) using a conventional diagnostics program. Before configuring the base station, the operator provides this address (UA) to the network administrator at the network manager location (step 25). The network or so-called wireless manager searches for an already installed base (e.g. the first base station) and provides it with the said UA parameter (step 26). The installed base station computes an external view of the network key, i.e. Knet', dedicated to the new base station, as a function of Knet, UA and Km (step 27) and sends it to the network manager using a predefined secure (authenticated) protocol. The Knet' parameter is provided to the target base adapter being installed. In some cases, the network might be simplified with the Wireless Manager function being installed in the first base station. Accordingly, this might further avoid transporting security data on the LAN backbone. The network key is then entered in the first base station through a conventionally installed configuration menu.

In any case the new base station extracts Knet from the received Knet' (step 29) and installs it safely in its base adapter memory (step 30).

Accordingly, the authentication process is also made as safe as possible by avoiding, as much as possible, the need for forwarding sensitive data in clear.

More detailed information on the first base installation procedure is provided in figure 4.

The operations start in fact with the network manager receiving a request for first base installation (step 35). A random generator of any known kind is then triggered to compute the preliminary key K1 (step 36) and send it to the base through the LAN wired circuit (step 37).

The reception of K1 is used to trigger the generation of the network key Knet (step 39). This may for example be performed by a conventional random generator simply generating Knet as a random number. The same Knet key shall be used for the whole network. The base station also computes the backbone key (Kb) to be used to encrypt security messages when they flow on the LAN backbone. Kb is derived from Knet. The Wireless Manager (network manager) is then triggered for starting a Kb retrieval process for further use in the next base or remote station installation (step 40). To that end, the Wireless Manager sends a first message (AUTH1) to the base station. Upon receiving said message, the base station generates a random number N1 (step 41) and sends it to the Wireless Manager (step 42) through a returning message (AUTH2). The Wireless Manager stores N1 and randomly generates a number N2 (steps 43 and 44). The network manager then starts generating an authentication request message on a basis similar to those described by Ray Bird et al. in IEEE Journal on Selected Areas in Communications, June 1993, Vol. 11, No. 5, pp. 679-693. This message contains as parameter the result of

K1(BKEY ⊕ K1(WM' ⊕ K1(N2 ⊕ K1(N1)))).

More particularly, the network manager starts by encrypting N1 with the key K1, performs a logic Exclusive OR (XOR) function, represented by the ⊕ symbol, with N2, encrypts the result with K1, then again performs a XOR function with a parameter WM' (a common parameter also known by the base adapter as the Wireless Manager identifier), re-encrypts with K1, XORs again with a constant data BKEY (defined at manufacturing level and known by each adapter) indicating that the Wireless Manager wants to retrieve the backbone key Kb, and finally encrypts again with K1. The authentication request message AUTH3 shall also include N2 (steps 45, 46).

This message is forwarded to the first base, which extracts and stores N2. Then said first base station performs (step 48) the same operations that were performed in step 45 in order to authenticate the Wireless Manager as the originator of the message. The base station starts by computing K1(N2 ⊕ K1(N1)), or in other words encrypts N1 with K1, performs a XOR function with N2, and encrypts the result again with K1 (step 49). Then the backbone key is encrypted with K1 (step 50). And finally K1(K1(Kb) ⊕ N2) is computed in step 51.

Those authentication parameters are forwarded to the Wireless Manager in an authentication message AUTH4 (step 52).

The Wireless Manager proceeds to base adapter authentication by computing K1(N2 ⊕ K1(N1)) and comparing the data obtained to the received data (step 53). Then it decrypts the encrypted backbone key to derive Kb therefrom (step 54). It computes K1(N2 ⊕ K1(Kb)) using the key K1 (step 55) to enable authenticating the message received from the base station (see step 51). Finally, the Manager deletes K1, N1 and N2 and stores the backbone key in a hidden Manager's memory location (steps 56 and 57).

Therefore, using a safe authentication protocol, the Wireless Manager has been provided with the backbone key, which shall later be useful for installing additional base and remote stations that may be required to build up the complete data network. Let's, for instance, proceed with another (i.e. 2, 3) base station to be attached to the network. This involves, as already mentioned in connection with figure 3, using the first, or any other installed base station which should already store the network key Knet, to extract Knet and provide said network key to the base to be installed. For security purposes, Knet is not provided as such but rather encoded into a Knet' parameter derived from using a predefined logic function operated over Knet, the base adapter UA and the key Km installed in each adapter, in the PROM containing the code, at manufacturing time. In addition, as already explained with regard to figure 4, authentication parameters are also used to reinforce the transmission security, using again a protocol similar to the protocol recommended by Ray Bird et al. (see above).

The "other" new base installation method is described in full detail hereunder with reference to figure 5.

As already mentioned, the new base station operator retrieves its address (UA) using a diagnostics program. It then provides the Wireless Manager with the UA value (step 60). The Wireless Manager chooses an installed base station and contacts it (step 61) with a message AUTH1. This information is used in the base station to trigger a random generator providing a random number N1 (step 62), which is sent to the Wireless Manager in a message AUTH2 (step 63) and stored therein. The reception of N1 triggers the generation of a random number N2 (step 64). The network Manager then initiates the generation of the authentication data to be used for network security checking, i.e.

Kb(NKEY ⊕ Kb(WM' ⊕ Kb(N2 ⊕ Kb(N1)))) (1)

with NKEY set during manufacturing in each adapter to be used in the network (written in the microcode). As a matter of fact, NKEY is defined the same way BKEY was.

The message AUTH3, including the result of operation (1) and UA and N2 generated in the Wireless Manager, is forwarded to the already installed base selected for delivering Knet information (steps 67, 68).

The receiving base adapter first authenticates the received message origin (Wireless Manager) by computing:

Kb(NKEY ⊕ Kb(WM' ⊕ Kb(N2 ⊕ Kb(N1)))) (2)

Should the generated data (2) be identical to (1), the authentication test is positive (step 69). Otherwise, the process is stopped and a warning is sent to a network administrator.

The base adapter then computes the following:

step 70 : Knet' = f(Knet, UA, Km) (3)

wherein f(x) stands for a predefined logic function performed over the variable x,

step 71 : Kb(N2 ⊕ Kb(N1)), (4)

step 72 : Kb(Knet'), (5)

step 73 : Kb(Kb(Knet') ⊕ N2). (6)

And the last three parameters are included in an AUTH4 message sent to the Wireless Manager. Said Wireless Manager starts with checking for authenticating the sending base adapter identity, by computing Kb(N2 ⊕ Kb(N1)) in step 75 and comparing the result to the received data (4). Should this test succeed, then the Wireless Manager proceeds with decrypting Kb(Knet') to obtain Knet' (step 76), and uses it (step 77) for further authentication by computing Kb(Kb(Knet') ⊕ N2), to be checked for a match with (6).

Then N1 and N2 are deleted (step 78) and Knet' is displayed to the Wireless Manager operator (step 79) to be forwarded (e.g. by telephone, or by any other verbal/written means) to the installer of the new base station. Knet' is entered into said new base adapter which, knowing the inverse function of f(x), derives Knet therefrom, stores it, derives Kb from Knet using the same logic as in the first base station adapter, and deletes Knet'. The new base station is then fully installed.

Represented in figure 6 is the detailed flowchart relative to a remote station installation. As mentioned in connection with figure 3, the installations of a remote station and of an "another" base station (i.e. other than the first base station) look very similar to each other, except for the presence of the so-called "name" parameter, to be used for remote station installation and not for the "another" base installation.

Therefore the Wireless Manager (network manager) is provided with the said remote station address UA and name. Since Knet is to be used in the process, the Wireless Manager again chooses any active already installed base station and starts with triggering therein the generation of a random number N1. Said N1 is provided to the Wireless Manager for storage and triggering of random number N2 generation. The network manager again initiates the generation of the authentication data, which now involves using the "name" parameter. The computed data is then:

step 80 : Kb(name ⊕ Kb(WM' ⊕ Kb(N2 ⊕ Kb(N1)))) (7)

The parameters forwarded to the base station now include: UA, N2 and "name", and the result of equation (7) (step 81).



The receiving base station authenticates the Wireless Manager provenance by performing, as was done for said "another" base station (see above), the logic operations of equation (7) with the received parameters, and starts encrypting the name by using the base-stored Knet data as an encryption key and computing a name' as a predefined function of Knet(name), UA and Km (see step 82).

Then the computations of the following are started:

Kb(N2 ⊕ Kb(N1))
Kb(name')
Kb(Kb(name') ⊕ N2).

All these data are included in an AUTH4 message sent to the Wireless Manager. Said Wireless Manager starts with checking for authenticating the sending base adapter identity through computation and authentication of Kb(N2 ⊕ Kb(N1)). It then decrypts Kb(name') and extracts name'. The authentication process proceeds with computation and authentication of the last parameter, Kb(Kb(name') ⊕ N2).

Once these authentications are declared positive, name' is displayed on the operator's console and forwarded for further use by the remote station, which extracts Knet(name) therefrom and stores it.
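The exchanges of figures 4, 5 and 6 share one four-message shape and differ only in the key, the tag and the parameter the installed base delivers (Kb, Knet' or name'). The model below is an added example, not code from the patent; it assumes 16-byte values throughout and uses toy stand-ins for the cipher E(K, x), the function f(Knet, UA, Km) and the Kb derivation, none of which the text specifies.

```python
"""Model of the AUTH1..AUTH4 exchange for the first base (figure 4), an
"another" base (figure 5) and a remote station (figure 6).

Constructed for illustration; E, f and the Kb derivation are assumed
stand-ins because the text leaves them unspecified."""
import hashlib
import hmac
import secrets

BLOCK = 16  # assumption: every key, nonce, constant and payload is 16 bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, i: int) -> bytes:
    # keyed round function of the toy cipher (HMAC keeps it key-dependent)
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for the page's E(K, x): a 4-round Feistel toy cipher (assumed)."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _round(key, right, i))
    return left + right


def D(key: bytes, block: bytes) -> bytes:
    """Inverse of E, used wherever the text says a parameter is decrypted."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, _round(key, left, i)), left
    return left + right


def f(value: bytes, ua: bytes, km: bytes) -> bytes:
    """Assumed f(x, UA, Km): mask x with E(Km, UA). Self-inverse, so the
    receiving adapter applies the same function to recover x."""
    return xor(value, E(km, ua))


def derive_kb(knet: bytes) -> bytes:
    """Assumed 'predefined logical function' giving the backbone key Kb from Knet."""
    return E(knet, b"backbone-key-tag")


def auth3(k: bytes, tag: bytes, wm_id: bytes, n1: bytes, n2: bytes) -> bytes:
    """WM's AUTH3 parameter, equations (1)/(7) with key K and tag
    (BKEY, NKEY or name) as parameters: K(tag ^ K(WM' ^ K(N2 ^ K(N1))))."""
    return E(k, xor(tag, E(k, xor(wm_id, E(k, xor(n2, E(k, n1)))))))


def auth4(k: bytes, n1: bytes, n2: bytes, payload: bytes):
    """Installed base's AUTH4 parameters (steps 49-51 / 71-73):
    K(N2 ^ K(N1)), K(payload), K(K(payload) ^ N2)."""
    a = E(k, xor(n2, E(k, n1)))
    b = E(k, payload)
    c = E(k, xor(b, n2))
    return a, b, c


def wm_verify(k: bytes, n1: bytes, n2: bytes, a: bytes, b: bytes, c: bytes):
    """WM side (steps 53-55 / 75-77): authenticate the base, decrypt the
    payload, recompute the third parameter. Returns the payload or None."""
    if not hmac.compare_digest(a, E(k, xor(n2, E(k, n1)))):
        return None
    payload = D(k, b)
    if not hmac.compare_digest(c, E(k, xor(E(k, payload), n2))):
        return None
    return payload


def exchange(k: bytes, tag: bytes, wm_id: bytes, payload: bytes):
    """Run the four messages between WM and an installed base sharing key k;
    payload is what the base must deliver (Kb, Knet' or name')."""
    n1 = secrets.token_bytes(BLOCK)      # AUTH1: base draws N1, AUTH2 carries it
    n2 = secrets.token_bytes(BLOCK)      # WM stores N1 and draws N2
    msg3 = auth3(k, tag, wm_id, n1, n2)  # AUTH3 = (equation (1), N2)
    # base recomputes equation (2) from its own copies; a mismatch stops the process
    if not hmac.compare_digest(msg3, auth3(k, tag, wm_id, n1, n2)):
        return None
    return wm_verify(k, n1, n2, *auth4(k, n1, n2, payload))  # AUTH4 checked by WM


def first_base_install(k1, bkey, wm_id, knet):
    """Figure 4: WM retrieves Kb, protected by the preliminary key K1 and tag BKEY."""
    return exchange(k1, bkey, wm_id, derive_kb(knet))


def another_base_install(kb, nkey, wm_id, knet, ua_new, km):
    """Figure 5: the installed base sends Knet' = f(Knet, UA, Km) under Kb/NKEY;
    the new base inverts f to obtain Knet (and then derives Kb itself)."""
    knet_prime = exchange(kb, nkey, wm_id, f(knet, ua_new, km))
    return None if knet_prime is None else f(knet_prime, ua_new, km)


def remote_station_install(kb, wm_id, knet, ua_rs, km, name):
    """Figure 6: the tag is 'name'; the payload is name' = f(Knet(name), UA, Km);
    the remote station recovers Knet(name) = E(Knet, name) from name'."""
    name_prime = exchange(kb, name, wm_id, f(E(knet, name), ua_rs, km))
    return None if name_prime is None else f(name_prime, ua_rs, km)
```

Because the tag and the nonces are folded into every layer, a WM that holds the wrong N2 or a modified third parameter gets None from wm_verify rather than a key.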

Claims

1. A method for key distribution and authentication for enabling secure data traffic in a data transmission network wherein remote stations are to be attached to a network manager via at least one base station, said method including for network installation:

installing a common hidden key Km and a unique individual identifier UA in each station to be used in the network;

installing a first base station, said installation including:

generating, in said network manager, a preliminary key K1 and installing said K1 key in said first base station;

using said preliminary key installation to trigger the selection, within said first base station, of a network key Knet and of a backbone key Kb derived therefrom;

forwarding said Kb to the network manager and storing said Kb therein;

optionally installing "another" base station, said another base installation including:

reading the said another base station identifier UA;

forwarding said another base station identifier UA to said network manager;

said network manager searching an installed base station and providing said installed base station with said another base station identifier UA;

computing within said installed base station a parameter Knet' as a predefined logic function of Knet, Km and said another base station identifier UA;

providing said another base station with said Knet';

said another optional base station extracting said network key Knet from said Knet' based on the knowledge of said predefined logic function and storing said network key within said another base station;

deriving Kb from Knet in the new base station;

installing a remote station, said remote station installation including:

reading said remote station identifier UA;

choosing a "name" for said remote station;

providing both said remote station identifier UA and said name to said network manager;

said network manager searching an installed base station and providing said installed base station with said remote station identifier UA and said chosen name;

encrypting within said installed base station said name with said network key Knet, and computing a name' parameter as a predefined logic function of the encrypted name, Km and said remote station identifier UA;

providing said name' to said remote station, said remote station deriving the encrypted name therefrom, based on the knowledge of said predefined function, and storing said encrypted name into said remote station.

2. A method for key distribution and authentication according to claim 1, wherein said preliminary key K1 is randomly generated within said network manager.

3. A method for key distribution and authentication according to claim 1 or 2, wherein said network key Knet is randomly generated within said first installed base station.

4. A method for key distribution and authentication according to claim 3, wherein said forwarding of the backbone key Kb to the network manager includes encrypting said backbone key Kb with the preliminary key K1 and including said encrypted backbone key into a base authenticating message using predefined parameters known to both the base station and the network manager.

5. A method for key distribution and authentication according to claim 1, wherein said providing said another base station with said Knet' includes encrypting said Knet' with said backbone key Kb and including said encrypted Knet' into a said installed base authentication message using predefined parameters known to both said installed base station and said network manager, and providing said authentication message to said network manager.

6. A method for key distribution and authentication according to any one of claims 1 through 5, wherein said data transmission network is a so-called wireless LAN and said remote stations are individually connected to a given base station via a radio link.

7. A method for key distribution and authentication according to claim 6, wherein said radio link uses the so-called frequency hopping technique, with all the remote stations attached to a given base station using a same frequency hopping pattern.

8. A method according to any one of claims 1 through 7, wherein said first base station is installed within said network manager.

9. A system for key distribution and authentica- 
tion for enabling secure data traffic , in a so- 
called wireless LAN network wherein remote 

35 mobile stations are to be connected through 

wireless links to a so-called network or wire- 
less manager, via so-called base stations con- 
nected to said network manager via a back- 
bone network including a wired LAN, said sys- 

40 tern being characterized in that it includes : 

read-only storage means within each mobile 
station and base station adapter unit, with a 
common hidden key Km and an individual 
identifier UA stored therein during manufactur- 

45 ing; 

means for installing a first base station, said 
means for installing a first base station includ- 
ing : 

a random generator for generating within 
50 said network manager adapter, a random pre- 

liminary key K1 ; 

means for forwarding K1 to said first base 
station adapter ; 

means, within said first base adapter, trig- 
55 gered by said K1 key for generating a random 

network key Knet, and for deriving a Kb pa- 
rameter therefrom ; 

means, within said base station for encryp- 
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ting Kb with the K1 key. for embedding said 
encrypted Kb within base authentication pa- 
rameters known to both the base station and 
the network manager, anc for transmitting said 
encrypted Kb and autherrj cation parameters to 5 
said network manager ; and, 

means, within said network manager for 
extracting and storing Kb after authenticating 
the originating base station, 

and subsequently installing any remote 10 
station or any additional or so-called "another" 
base station by using means for addressing 
the already installed base station for comput- 
ing therein a predefined function of, inter alia, 
network key Knet, and for forwarding the so is 
computed data to the network manager and 
said any remote station or said "another" base 
station. 
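The first-base installation of claim 9, i.e. the Kb retrieval exchange detailed in Figures 4a and 4b, as an added simulation that is not part of the patent: K1(x) stands for encryption under K1 and is modelled with a constructed HMAC-based cipher, "+" is read as concatenation, and the BKEY and WM constants, the 16-byte nonce size and the way Kb is derived from Knet are all assumed values.

```python
import os, hmac, hashlib

# Constructed stand-in for the patent's unspecified cipher K(x): HMAC-SHA256 keystream under a fresh IV, XORed over the data.
def _ks(key, iv, n):
    return b"".join(hmac.new(key, iv + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def enc(key, data):
    iv = os.urandom(16)
    return iv + bytes(a ^ b for a, b in zip(data, _ks(key, iv, len(data))))

def dec(key, blob):
    return bytes(a ^ b for a, b in zip(blob[16:], _ks(key, blob[:16], len(blob) - 16)))

BKEY, WM = b"BKEY", b"WM"  # constants named in Figure 4; values assumed, '+' read as concatenation

def base_auth1():  # base adapter, steps 38-42: K1 already stored; compute Knet, Kb; send N1 (AUTH1)
    knet = os.urandom(16)
    kb = hashlib.sha256(b"Kb" + knet).digest()[:16]  # Kb derived from Knet; derivation assumed
    return {"knet": knet, "kb": kb, "n1": os.urandom(16)}

def wm_auth2(k1, n1):  # WM, steps 43-46: store N1, pick N2, send N2 with K1(BKEY+K1(WM+K1(N2+K1(N1))))
    n2 = os.urandom(16)
    return n2, enc(k1, BKEY + enc(k1, WM + enc(k1, n2 + enc(k1, n1))))

def base_auth3(k1, st, n2, proof):  # base adapter, steps 47-52: authenticate the WM, then answer
    x = dec(k1, proof)  # peel the BKEY, WM, N2 and N1 layers one by one
    x = dec(k1, x[len(BKEY):]) if x.startswith(BKEY) else b""
    x = dec(k1, x[len(WM):]) if x.startswith(WM) else b""
    if x[:16] != n2 or dec(k1, x[16:]) != st["n1"]:
        raise ValueError("WM authentication failed")
    k1_kb = enc(k1, st["kb"])
    # AUTH3 parameters: K1(N2+K1(N1)), K1(Kb), K1(K1(Kb)+N2)
    return enc(k1, n2 + enc(k1, st["n1"])), k1_kb, enc(k1, k1_kb + n2)

def wm_auth4(k1, n1, n2, p1, k1_kb, p3):  # WM, steps 53-57: authenticate the base, extract Kb
    x = dec(k1, p1)
    if x[:16] != n2 or dec(k1, x[16:]) != n1:
        raise ValueError("base adapter authentication failed")
    if dec(k1, p3) != k1_kb + n2:  # ties the delivered K1(Kb) to this run's N2
        raise ValueError("Kb binding check failed")
    return dec(k1, k1_kb)  # Kb, stored hidden; K1, N1 and N2 are then deleted

def run_first_base_install():  # whole exchange; returns (Kb at the base, Kb recovered by the WM)
    k1 = os.urandom(16)  # preliminary key the WM generates and forwards to the base (steps 36-37)
    st = base_auth1()
    n2, proof = wm_auth2(k1, st["n1"])
    p1, k1_kb, p3 = base_auth3(k1, st, n2, proof)
    return st["kb"], wm_auth4(k1, st["n1"], n2, p1, k1_kb, p3)
```

Only Kb crosses the backbone, encrypted under the short-lived K1; Knet itself never leaves the base adapter, which is the property claim 9 relies on for the later installations.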

EP 0 658 021 A1 

FIGURE 3a (first base install and additional bases install). Swimlanes: Manufacturing 
Plant, Wireless Manager (WM), First Base Adapter, Mobile Station Adapter, Other Base 
Adapter. 

Manufacturing Plant: 
10: Install a common hidden key Km in each adapter ROM (same key for all adapters). 
11: Install a unique UA in each adapter (one UA per adapter). 

First base install: 
12: Install a preliminary key K1 in the first base. 
13: Adapter of the first base computes Knet and Kb. 
14: Kb is sent to the Wireless Manager. 
15: Wireless Manager stores Kb hidden in memory. 

Additional bases install: 
Read UA in the base adapter. 
Provide UA to the WM. 
26: Search an installed base and give it UA. 
27: Compute Knet' = f(Knet, UA, Km) and send it to the WM. 
28: Provide Knet' to the adapter of the target base. 
29: Extract Knet from Knet'. 
30: Knet is installed in the base adapter. 
(continued in Fig. 3b) 
FIGURE 3b (mobile station install, continued from Fig. 3a). Swimlanes: Manufacturing 
Plant, Wireless Manager (WM), First Base Adapter, Mobile Station Adapter, Other Base 
Adapter. 

16: Read UA in the mobile adapter. 
17: Choose a name for the mobile station. 
18: Provide UA and name to the Wireless Manager. 
19: Search an installed base and give it UA and name. 
20: Compute Knet(name) and name' = f(Knet(name), UA, Km); send name' to the WM. 
21: Provide name' to the adapter of the target mobile station. 
22: Extract Knet(name) from name'. 
23: Knet(name) is installed in the mobile adapter. 
FIGURE 1: backbone network (Token Ring / Ethernet / PC NET) with base stations attached 
to it, each base station serving several remote stations. 
FIG. 2: Wireless Manager connected through a router to the backbone; base stations (BS), 
each with a wireless adapter (WCA) holding Km, UA1 and Knet; remote stations, each with 
a wireless adapter holding Km and its own UA (UA2 to UA6), a station name (nameB, nameD) 
and the corresponding Knet(name), e.g. Knet(nameB). 
FIGURE 4a (first base installation, part 1). Swimlanes: Base Adapter, Wireless Manager 
(WM). 

Wireless Manager: 
35: Receive a request for installing the 1st base. 
36: Compute a random preliminary key K1. 
37: Send it to the base. 
Base Adapter: 
38: Store K1. 
39: Compute Knet and Kb. 
40: Start Kb retrieval process. 
42: Determine N1 = random number and send it to the WM (AUTH1 message). 
Wireless Manager: 
43: Store N1. 
44: Determine N2 = random number. 
(continued in Fig. 4b) 
FIGURE 4b (first base installation, part 2, from Fig. 4a). Swimlanes: Base Adapter, 
Wireless Manager. 

Wireless Manager: 
45: Compute K1(BKEY+K1(WM+K1(N2+K1(N1)))). 
46: Send N2 with authentication parameter (AUTH2 message). 
Base Adapter: 
47: Store N2. 
48: Compute and authenticate K1(BKEY+K1(WM+K1(N2+K1(N1)))) (WM authentication). 
49: Compute K1(N2+K1(N1)). 
50: Compute K1(Kb). 
51: Compute K1(K1(Kb)+N2). 
52: Send authentication parameters to the Wireless Manager (AUTH3 message). 
Wireless Manager: 
53: Compute and authenticate K1(N2+K1(N1)) (base adapter authentication). 
54: Decrypt K1(Kb); extract Kb. 
55: Compute and authenticate K1(K1(Kb)+N2). 
56: Delete K1, N1 and N2. 
57: Store Kb hidden in the station memory. 
AUTH4 message. 
Figure 5 (additional base installation). Swimlanes: Base Adapter (an already installed 
base), Wireless Manager (WM). 

Wireless Manager: 
60: Receive a request with UA from the console. 
Choose a base station. 
Base Adapter: 
62: Determine N1 = random number. 
63: Send it to the WM (AUTH1 message). 
Wireless Manager: 
64: Store N1. 
65: Determine N2 = random number. 
66: Compute Kb(NKEY+Kb(WM+Kb(N2+Kb(N1)))). 
67: Send UA and N2 with authentication parameters (AUTH2 message). 
Base Adapter: 
68: Store N2 and UA. 
69: Compute and authenticate Kb(NKEY+Kb(WM+Kb(N2+Kb(N1)))) (WM authentication). 
70: Compute Knet' = f(Knet, UA, Km). 
71: Compute Kb(N2+Kb(N1)). 
72: Compute Kb(Knet'). 
73: Compute Kb(Kb(Knet')+N2). 
74: Send authentication parameters to the Wireless Manager (AUTH3 message). 
Wireless Manager: 
75: Compute and authenticate Kb(N2+Kb(N1)) (base adapter authentication). 
76: Decrypt Kb(Knet'); extract Knet'. 
77: Compute and authenticate Kb(Kb(Knet')+N2). 
Delete N1 and N2. 
79: Display Knet' at the console. 
AUTH4 message. 
Figure 6 (mobile station installation). Swimlanes: Base Adapter, Wireless Manager (WM). 

Wireless Manager: 
Receive a request with UA and name from the console. 
Choose a base station. 
Base Adapter: 
Determine N1 = random number and send it to the WM (AUTH1 message). 
Wireless Manager: 
Store N1. 
Determine N2 = random number. 
80: Compute Kb(name+Kb(WM+Kb(N2+Kb(N1)))). 
81: Send UA, name and N2 with authentication parameters (AUTH2 message). 
Base Adapter: 
Store N2, name and UA. 
Compute and authenticate Kb(name+Kb(WM+Kb(N2+Kb(N1)))) (WM authentication). 
82: Compute Knet(name) and name' = f(Knet(name), UA, Km). 
Compute Kb(N2+Kb(N1)). 
Compute Kb(name'). 
Compute Kb(Kb(name')+N2). 
Send authentication parameters to the Wireless Manager (AUTH3 message). 
Wireless Manager: 
Compute and authenticate Kb(N2+Kb(N1)) (base adapter authentication). 
Decrypt Kb(name'); extract name'. 
Compute and authenticate Kb(Kb(name')+N2). 
Delete N1 and N2. 
Display name' at the console. 
AUTH4 message. 
European Patent Office 

EUROPEAN SEARCH REPORT 

Application Number: EP 93 48 0219 

DOCUMENTS CONSIDERED TO BE RELEVANT 

Citation of document with indication, where appropriate, of relevant passages, and the 
claims it is relevant to: 

US-A-5 199 072 (WHITE ET AL): abstract; column 1, line 17 - line 42; figure 1; 
column 1, line 62 - column 2, line 6. Relevant to claims 1, 6, 9. 

DOMINGO-FERRER, "Security Network Bootstrapping: An Algorithm for Authentic Key 
Exchange and Digital Signatures", Computers & Security, International Journal Devoted 
to the Study of Technical and Financial Aspects of Computer Security, vol. 9, no. 2, 
April 1990, Amsterdam NL, pages 145-152: page 146, right column, line 9 - page 147, 
right column, line 7. Relevant to claims 1, 6, 9. 

CLASSIFICATION OF THE APPLICATION (Int. Cl.): H04L9/08, H04L9/32 

TECHNICAL FIELDS SEARCHED (Int. Cl.): H04L 